Published: 28/04/2020 Updated: 31/08/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
otrs otrs
debian debian linux 8.0

Debian Bug report logs - #959448 otrs2: CVE-2020-1774 Package: src:otrs2; Maintainer for src:otrs2 is Patrick Matthäi <pmatthaei@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 2 May 2020 13:36:01 UTC Severity: important Tags: security, upstream Found in version otrs2/6027-1 Re ...

NVD-CWE-Other https://otrs.com/release-notes/otrs-security-advisory-2020-11/https://lists.debian.org/debian-lts-announce/2020/05/msg00000.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959448 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-1774

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect